3: Name <whatever name you want to call the VR> (You dont have to do this bit, but is good for keeping it secure).

Apply and OK

4: Network / Zones

5: New

6: Name <Whatever you want to call it>

7: Virtual Router name <whatever you just made in 3 above - or - Trust-vr>

8: Network / Interfaces / List

At this point either you have the Interfaces in a bgroup or they are seperate, if in a group assign the IP to the group or if single assign to single interface. So, if your interface, for example is in bgroup zero do this (I will use made up addresses):

14: Make sure TunnelIF is in the drop down menu (Top right of main window) and click on "new"

15: Next available tunnel should be shown, but for this example I will use "tunnel.1"

16: Zone = <Whatever you called it in step 6>

17: Unnumbered

18: Interface = Either the group (as mentioned before) or the actual interface

19: Untrust port next (Either E0/0 or on the 140's I think it is E0/1)

20: Zone name = Untrust

21: Static IP = 10.99.78.2 / 24

22: Managed services - Whatever you want to manage the interface

23: Click Apply (A route option then appears)

24: Click on the Route radio button then apply and OK

25: VPNs / Autokey Advanced / Gateway

26: New

27: Gateway Name = <Whatever you want to give it>

28: Static IP address = 10.99.78.1 / 24

29: Click Advanced

30: Preshared key = whatever you want it to be (Must be the same both ends)

31: Outgoing interface (Untrust) = Either E0/0 or E0/1, whichever you have as the untrust interface

32: Security level = Custom = pre-g2-3des-sha

33: Mode initiator = Main (ID Protection)

34: Return and OK

35: VPNs / AutoKey IKE

36: New

37: VPN Name = Whatever you want to name it

38: Remote Gateway = (Whatever you called the gateway at 27 above)

39: Click Advanced

40: Security level = custom - g2-esp-3des-sha

41: Bind to = for this example it was tunnel.1 (But whichever tunnel was ssigned earlier in this procedure

42: Proxy ID = Ticked

43: Local IP = Your local Network

44: Remote IP = The remote network

45: VPN Monitor = ticked

46: Return and OK

47: Network / routing / destination

48: In drop down list (Top right) choose the VR the zone was in (Trust-vr or the VR you created)

49: New

50: IP Address / Netmask = 0.0.0.0 / 0

51: Click Gateway radio button

52: Interface = in our case tunnel.1

53: Leave Gateway IP Address as 0.0.0.0

54: Permanent = Clicked

55: Click OK

56: Policy / Policies

57: From Zone you named to Untrust

58: New

59: Whatever you want to allow through

60: From Untrust to Zone you named or trust

61: Whatever you want to allow through

You could add a couple of other policies if you wanted, but that part is straightforward.

At the other end, obviously do the same, but use the other gateway addresses, so the opposit.... for example, on thie end we use 10.99.78.2 as the address this end and 10.99.78.1 as the remote. So on the other end it would be 10.99.78.1 as local and 10.99.78.2 as remote.

Re: Site to site SSG140

From what I can dig out from our configs, although I am pushed for time so may have missed something.... here is the CLI information.... it is a test network connected on site, so the IPs are just made up so I dont mind them being here....